ip6tables and connection tracking
Hi all guys,
I just finished a push to our ipv6 mirrors of a new iptables
package.
This package adds support for ipv6 connection tracking (from the USAGI
project). BE AWARE that I could perform only a few tests on it and it
might not work everywhere.
In order to use this feature you also need a kernel that supports
connection tracking. You can either use a USAGI kernel or grab the patches
I prepared for kernel 2.6.5 or 2.6.6 (no patches for 2.4 are planned atm).
(http://debian.fabbione.net/kernel/)
What does all this mean?
It means that now you can simplify your ipv6 firewall using options like:
ip6tables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
There is already a known issue! Check it here:
http://www.linux-ipv6.org/ml/usagi-users/msg02952.html
Please report to me any success/failure. Feedback is appreciated.
Fabio
PS Laurence I would like to talk with you about inclusion of these features
directly into the Debian package, but only after a wider set of tests that
hopefully people will do soon.
--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.
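
Added example, not part of the original message or of the iptables/USAGI code: a minimal IPv6 INPUT policy written first without connection tracking and then with the state match quoted in the post, to show what the single rule replaces. The host profile (SSH on tcp/22, outbound DNS and TCP clients), the function names and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed host profile: SSH served
# on tcp/22, outbound DNS and TCP clients. DRY_RUN=1 (default) only prints the
# commands; DRY_RUN=0 applies them (root and a conntrack-capable kernel needed).
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'ip6tables %s\n' "$*"
    else
        ip6tables "$@"
    fi
}

common_rules() {
    ipt -F INPUT
    ipt -A INPUT -i lo -j ACCEPT
    # ICMPv6 carries neighbour discovery; dropping it breaks IPv6 on the link.
    ipt -A INPUT -p ipv6-icmp -j ACCEPT
}

# Without connection tracking: replies are guessed from header fields, so any
# non-SYN TCP segment or UDP packet from port 53 reaches the high ports.
stateless_rules() {
    common_rules
    ipt -A INPUT -p tcp ! --syn --dport 1024:65535 -j ACCEPT
    ipt -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -j ACCEPT
    ipt -P INPUT DROP
}

# With connection tracking: the rule from the post replaces both guesses and
# only admits packets that belong to a connection the kernel is tracking.
stateful_rules() {
    common_rules
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    ipt -P INPUT DROP
}

# Usage: sh script.sh stateless|stateful
case "${1:-}" in
    stateless|stateful) "${1}_rules" ;;
esac
```

Review the printed commands in the default dry-run mode before applying them with DRY_RUN=0, and do so from a console session rather than over the network.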